<section>
  {{#unless isEnabled}}
    <div class="banner bg-warning">
      <div class="banner-icon">
        <span class="icon icon-alert"></span>
      </div>
      <div class="banner-message">
        <p>
          {{t "ldap.header.disabled.label" providerName=(t providerName)}}
        </p>
      </div>
    </div>
  {{/unless}}
</section>
{{#accordion-list showExpandAll=false as |al expandFn|}}
  {{#if isEnabled}}
    {{#accordion-list-item
      classNames="mt-30"
      detail=(t
        "ldap.accessConfig.subtext1" providerName=(t providerName) htmlSafe=true
      )
      expand=(action expandFn)
      expandAll=al.expandAll
      expandOnInit=true
      expanded=true
      showExpand=false
      title=(t "ldap.accessEnabled.header")
    }}
      <section class="">
        <div class="clearfix">
          <div class="pull-right">
            <button
              class="btn btn-sm bg-primary"
              type="button"
              {{action "edit"}}
            >
              {{t "generic.edit"}}
            </button>
            <button
              class="btn btn-sm right-divider-btn bg-error"
              type="button"
              {{action "disable"}}
            >
              {{t "ldap.accessEnabled.disable.confirmDisable.pre"}}
            </button>
          </div>
        </div>
        <hr />
        <p class="text-info">
          {{t "ldap.accessEnabled.subtext"}}
        </p>
        <div class="row">
          <div class="col span-4 force-wrap">
            <h3>
              {{t "ldap.accessEnabled.general.header"}}
            </h3>
            <div>
              <b>
                {{t "ldap.accessEnabled.general.server"}}
              </b>
              <span class="text-muted">
                {{authConfig.servers.firstObject}} : {{authConfig.port}}
              </span>
            </div>
            <div>
              <b>
                {{t "ldap.accessEnabled.general.encryption"}}
              </b>
              <span class="text-muted">
                {{upper-case encryption}}
              </span>
            </div>
            {{#if authConfig.serviceAccountUsername}}
              <div>
                <b>
                  {{t "ldap.accessEnabled.general.serviceAccount"}}
                </b>
                <span class="text-muted">
                  {{authConfig.serviceAccountUsername}}
                </span>
              </div>
            {{/if}}
            {{#if authConfig.serviceAccountDistinguishedName.labelText}}
              <div>
                <b>
                  {{t "ldap.accessEnabled.serviceAccountDistinguishedName"}}
                </b>
                <span class="text-muted">
                  {{authConfig.serviceAccountDistinguishedName}}
                </span>
              </div>
            {{/if}}
            {{#if (eq authConfig.type "activeDirectoryConfig")}}
              <div>
                <b>
                  {{t "ldap.accessEnabled.general.defaultDomain"}}
                </b>
                <span class="text-muted">
                  {{authConfig.defaultLoginDomain}}
                </span>
              </div>
            {{/if}}
            <div>
              <b>
                {{t "ldap.accessEnabled.connectionTimeout.labelText"}}
              </b>
              <span class="text-muted">
                {{authConfig.connectionTimeout}}
              </span>
            </div>
          </div>
          <div class="col span-4 force-wrap">
            <h3>
              {{t "ldap.accessEnabled.users.header"}}
            </h3>
            <div class="force-wrap">
              <b>
                {{t "ldap.accessEnabled.general.searchBase"}}
              </b>
              <span class="text-muted">
                {{authConfig.userSearchBase}}
              </span>
            </div>
            <div>
              <b>
                {{t "ldap.accessEnabled.users.objectClass"}}
              </b>
              <span class="text-muted">
                {{authConfig.userObjectClass}}
              </span>
            </div>
            <div>
              <b>
                {{t "ldap.accessEnabled.users.login"}}
              </b>
              <span class="text-muted">
                {{authConfig.userLoginAttribute}}
              </span>
            </div>
            <div>
              <b>
                {{t "ldap.accessEnabled.users.name"}}
              </b>
              <span class="text-muted">
                {{authConfig.userNameAttribute}}
              </span>
            </div>
            <div>
              <b>
                {{t "ldap.accessEnabled.users.search"}}
              </b>
              <span class="text-muted">
                {{authConfig.userSearchAttribute}}
              </span>
            </div>
            {{#if authConfig.userSearchFilter}}
              <div>
                <b>
                  {{t "ldap.accessEnabled.users.searchFilter"}}
                </b>
                <span class="text-muted">
                  {{authConfig.userSearchFilter}}
                </span>
              </div>
            {{/if}}
            <div>
              <b>
                {{t "ldap.accessEnabled.users.enabled"}}
              </b>
              <span class="text-muted">
                {{authConfig.userEnabledAttribute}}
              </span>
            </div>
            <div>
              <b>
                {{t "ldap.accessEnabled.users.disabledBitMask"}}
              </b>
              <span class="text-muted">
                {{authConfig.userDisabledBitMask}}
              </span>
            </div>
          </div>
          <div class="col span-4 force-wrap">
            <h3>
              {{t "ldap.accessEnabled.group.header"}}
            </h3>
            <div class="force-wrap">
              <b>
                {{t "ldap.accessEnabled.general.searchBase"}}
              </b>
              <span class="text-muted">
                {{authConfig.groupSearchBase}}
              </span>
            </div>
            <div>
              <b>
                {{t "ldap.accessEnabled.group.objectClass"}}
              </b>
              <span class="text-muted">
                {{authConfig.groupObjectClass}}
              </span>
            </div>
            <div>
              <b>
                {{t "ldap.accessEnabled.group.name"}}
              </b>
              <span class="text-muted">
                {{authConfig.groupNameAttribute}}
              </span>
            </div>
            <div>
              <b>
                {{t "ldap.accessEnabled.group.search"}}
              </b>
              <span class="text-muted">
                {{authConfig.groupSearchAttribute}}
              </span>
            </div>
            {{#if authConfig.groupSearchFilter}}
              <div>
                <b>
                  {{t "ldap.accessEnabled.group.searchFilter"}}
                </b>
                <span class="text-muted">
                  {{authConfig.groupSearchFilter}}
                </span>
              </div>
            {{/if}}
          </div>
        </div>
      </section>
    {{/accordion-list-item}}
  {{/if}}
  {{#if (or (not isEnabled) editing)}}
    {{#accordion-list-item
      classNames="mt-30"
      detail=(t
        "ldap.accessConfig.subtext1" providerName=(t providerName) htmlSafe=true
      )
      expand=(action expandFn)
      expandAll=al.expandAll
      expandOnInit=true
      expanded=true
      showExpand=false
      title=(t "ldap.accessConfig.header" providerName=(t providerName))
    }}
      <section class="">
        <div class="row">
          <div class="col span-6 mb-0">
            <div class="inline-form">
              <label class="acc-label pb-5">
                {{t "model.openldapconfig.server.label"}}
                {{field-required}}
              </label>
              {{input value=configServers classNames="form-control"}}
            </div>
          </div>
          <div class="col span-2 mb-0">
            <label class="acc-label pb-5">
              {{t "ldap.accessConfig.port.labelText"}}
            </label>
            <div class="input-group">
              {{input-integer
                value=authConfig.port
                min=1
                max=65535
                classNames="form-control"
              }}
            </div>
          </div>
          <div class="col span-4 mb-0">
            <label class="acc-label pb-5">
              {{t "ldap.accessConfig.port.radioGroup.label"}}
            </label>
            <div class="radio">
              <label>
                {{radio-button selection=encryption value="none"}}
                {{t "ldap.accessConfig.port.radioGroup.none"}}
              </label>
            </div>
            <div class="radio">
              <label>
                {{radio-button selection=encryption value="tls"}}
                {{t "ldap.accessConfig.port.radioGroup.tls"}}
              </label>
            </div>
            <div class="radio">
              <label>
                {{radio-button selection=encryption value="starttls"}}
                {{t "ldap.accessConfig.port.radioGroup.starttls"}}
              </label>
              <p class="help-block">
                {{t "ldap.accessConfig.starttls.helpText"}}
              </p>
            </div>
          </div>
        </div>
        {{#if (or authConfig.tls authConfig.starttls)}}
          <div class="row pt-10">
            <div class="col span-12 input-group mt-0">
              {{input-text-file
                label="ldap.customizeSchema.cert.labelText"
                value=authConfig.certificate
                canChangeName=false
                accept="text/plain,.pem,.pkey,.key"
                minHeight=60
                placeholder="ldap.customizeSchema.cert.placeholder"
                shouldChangeName=false
              }}
              <p class="help-block">
                {{t "ldap.customizeSchema.cert.helpText"}}
              </p>
            </div>
          </div>
          <hr/>
        {{/if}}
        <div class="row">
          <div class="col span-6 mb-0">
            <label class="acc-label pb-5">
              {{t "ldap.accessConfig.connectionTimeout.labelText"}}
              {{field-required}}
            </label>
            <div class="input-group">
              {{input-integer
                value=authConfig.connectionTimeout
                min=1
                classNames="form-control"
              }}
              <span class="input-group-addon bg-default">
                <label>
                  {{t "generic.milliseconds"}}
                </label>
              </span>
            </div>
          </div>
        </div>
        <hr class="mt-30 mb-30" />
        <p class="text-info mb-0">
          {{t "ldap.accessConfig.subtext2" appName=settings.appName}}
        </p>
        <div class="row">
          {{#if (eq authConfig.type "activeDirectoryConfig")}}
            <div class="col span-6">
              <div class="inline-form">
                <label class="acc-label pb-5">
                  {{t "model.openldapconfig.serviceAccountUsername.label"}}
                  {{field-required}}
                </label>
                {{input
                  value=authConfig.serviceAccountUsername
                  classNames="form-control"
                }}
              </div>
            </div>
          {{else}}
            <div class="col span-6">
              <div class="inline-form">
                <label class="acc-label pb-5">
                  {{t
                    "ldap.accessConfig.serviceAccountDistinguishedName.labelText"
                  }}
                  {{field-required}}
                </label>
                {{input
                  value=authConfig.serviceAccountDistinguishedName
                  classNames="form-control"
                }}
              </div>
            </div>
          {{/if}}
          <div class="col span-6">
            <div class="inline-form">
              <label class="acc-label pb-5">
                {{t "model.openldapconfig.serviceAccountPassword.label"}}
                {{field-required}}
              </label>
              {{input
                type="password"
                value=authConfig.serviceAccountPassword
                classNames="form-control"
              }}
            </div>
          </div>
        </div>
        {{#if (eq authConfig.type "activeDirectoryConfig")}}
          <div class="row">
            <div class="col span-6">
              <div class="inline-form">
                <label class="acc-label pb-5">
                  {{t "ldap.accessConfig.defaultDomain.labelText"}}
                </label>
                {{input
                  value=authConfig.defaultLoginDomain
                  classNames="form-control"
                  placeholder=(t "ldap.accessConfig.defaultDomain.placeholder")
                }}
                <p class="help-block">
                  {{t "ldap.accessConfig.defaultDomain.helpText"}}
                </p>
              </div>
            </div>
          </div>
        {{/if}}
        <div class="row">
          <div class="col span-6">
            <div class="inline-form">
              <label class="acc-label pb-5">
                {{t "ldap.customizeSchema.users.searchBase.labelText"}}
                {{field-required}}
              </label>
              {{input
                value=authConfig.userSearchBase
                classNames="form-control"
                placeholder=(t "ldap.accessConfig.userSearchBase.placeholder")
              }}
              <p class="help-block">
                {{t "model.openldapconfig.domain.help"}}
              </p>
            </div>
          </div>
          <div class="col span-6">
            <div class="inline-form">
              <label class="acc-label pb-5">
                {{t "ldap.accessConfig.groupSearchBase.labelText"}}
              </label>
              {{input
                value=authConfig.groupSearchBase
                classNames="form-control"
                placeholder=(t "ldap.accessConfig.groupSearchBase.placeholder")
              }}
              <p class="help-block">
                {{t "ldap.accessConfig.groupSearchBase.helpText"}}
              </p>
            </div>
          </div>
        </div>
      </section>
    {{/accordion-list-item}}
    {{#accordion-list-item
      title=(t "ldap.customizeSchema.header")
      detail=(t "ldap.customizeSchema.helpText")
      expandAll=al.expandAll
      expand=(action expandFn)
    }}
      <section class="">
        <div class="row">
          <div class="col span-6">
            <h3>
              {{t "ldap.customizeSchema.users.header"}}
            </h3>
            <div class="pb-20">
              <label class="acc-label pb-5">
                {{t "ldap.customizeSchema.users.objectClass.labelText"}}
              </label>
              {{input value=authConfig.userObjectClass classNames="form-control"
              }}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">
                {{t "ldap.customizeSchema.users.name.labelText"}}
              </label>
              {{input
                value=authConfig.userNameAttribute
                classNames="form-control"
              }}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">
                {{t "ldap.customizeSchema.users.login.labelText"}}
              </label>
              {{input
                value=authConfig.userLoginAttribute
                classNames="form-control"
              }}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">
                {{t "ldap.customizeSchema.users.userMemberAttribute.labelText"}}
              </label>
              {{input
                value=authConfig.userMemberAttribute
                classNames="form-control"
              }}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">
                {{t "ldap.customizeSchema.users.search.labelText"}}
              </label>
              {{input
                value=authConfig.userSearchAttribute
                classNames="form-control"
              }}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">
                {{t "ldap.customizeSchema.users.searchFilter.labelText"}}
              </label>
              {{input
                value=authConfig.userSearchFilter
                classNames="form-control"
              }}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">
                {{t "ldap.customizeSchema.users.enabledAttribute.labelText"}}
              </label>
              {{input
                value=authConfig.userEnabledAttribute
                classNames="form-control"
              }}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">
                {{t "ldap.customizeSchema.users.disabledBitMask.labelText"}}
              </label>
              {{input-integer
                value=authConfig.userDisabledBitMask
                min=1
                classNames="form-control"
              }}
            </div>
          </div>
          <div class="col span-6">
            <h3>
              {{t "ldap.customizeSchema.groups.header"}}
            </h3>
            <div class="pb-20">
              <label class="acc-label pb-5">
                {{t "ldap.customizeSchema.groups.objectClass.labelText"}}
              </label>
              {{input
                value=authConfig.groupObjectClass
                classNames="form-control"
              }}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">
                {{t "ldap.customizeSchema.groups.name.labelText"}}
              </label>
              {{input
                value=authConfig.groupNameAttribute
                classNames="form-control"
              }}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">
                {{t "ldap.customizeSchema.groups.groupMemberUser.labelText"}}
              </label>
              {{input
                value=authConfig.groupMemberUserAttribute
                classNames="form-control"
                placeholder=(t
                  "ldap.customizeSchema.groups.groupMemberUser.placeholder"
                )
              }}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">
                {{t "ldap.customizeSchema.groups.search.labelText"}}
              </label>
              {{input
                value=authConfig.groupSearchAttribute
                classNames="form-control"
              }}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">
                {{t "ldap.customizeSchema.groups.searchFilter.labelText"}}
              </label>
              {{input
                value=authConfig.groupSearchFilter
                classNames="form-control"
              }}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">
                {{t "ldap.customizeSchema.groups.groupMemberMapping.labelText"}}
              </label>
              {{input
                value=authConfig.groupMemberMappingAttribute
                classNames="form-control"
              }}
            </div>
            <div class="pb-20">
              <label class="acc-label pb-5">
                {{t "ldap.customizeSchema.groups.groupDN.labelText"}}
              </label>
              {{input
                value=authConfig.groupDNAttribute
                classNames="form-control"
                placeholder=(t
                  "ldap.customizeSchema.groups.groupDN.placeholder"
                )
              }}
            </div>
            {{#if (not-eq authConfig.id "freeipa")}}
              <div class="pb-20">
                <label class="acc-label pb-5">
                  {{t "ldap.customizeSchema.groups.nestedGroup.title"}}
                </label>
                <div class="radio">
                  <label class="acc-label pb-5">
                    {{radio-button
                      selection=authConfig.nestedGroupMembershipEnabled
                      value=false
                    }}
                    {{t
                      "ldap.customizeSchema.groups.nestedGroup.disabled.labelText"
                    }}
                  </label>
                </div>
                <div class="radio">
                  <label class="acc-label pb-5">
                    {{radio-button
                      selection=authConfig.nestedGroupMembershipEnabled
                      value=true
                    }}
                    {{t
                      "ldap.customizeSchema.groups.nestedGroup.enabled.labelText"
                    }}
                    <p class="help-block">
                      {{t
                        "ldap.customizeSchema.groups.nestedGroup.enabled.helpText"
                      }}
                    </p>
                  </label>
                </div>
              </div>
            {{/if}}
          </div>
        </div>
      </section>
    {{/accordion-list-item}}
    {{#accordion-list-item
      detail=(t "ldap.testAuth.helpText" providerName=(t providerName))
      expand=(action expandFn)
      expandAll=al.expandAll
      expandOnInit=true
      expanded=true
      showExpand=false
      title=(t "ldap.testAuth.header")
    }}
      <section class="">
        <div class="row">
          <div class="col span-6">
            <div class="inline-form">
              <label class="acc-label pb-5">
                {{t "ldap.testAuth.userName.labelText"}}
                {{field-required}}
              </label>
              {{input value=username classNames="form-control"}}
            </div>
          </div>
          <div class="col span-6">
            <div class="inline-form">
              <label class="acc-label pb-5">
                {{t "ldap.testAuth.password.labelText"}}
                {{field-required}}
              </label>
              {{input type="password" value=password classNames="form-control"}}
            </div>
          </div>
        </div>
        <div class="row">
          {{top-errors errors=errors}}
          <div class="col span-12">
            {{save-cancel
              editing=editing
              save=(action "test")
              saveDisabled=createDisabled
              cancel=(action "cancel")
              createLabel="ldap.testAuth.authenticate.pre"
              savingLabel="ldap.testAuth.authenticate.post"
              btnLabel=providerSaveLabel
              saving=testing
            }}
          </div>
        </div>
      </section>
    {{/accordion-list-item}}
  {{/if}}
  {{#if isEnabled}}
    {{#accordion-list-item
      classNames="mt-30"
      detail=(t "siteAccess.helpText" appName=settings.appName htmlSafe=true)
      expand=(action expandFn)
      expandAll=al.expandAll
      expandOnInit=true
      expanded=true
      showExpand=false
      title=(t "siteAccess.header")
    }}
      {{site-access
        model=authConfig
        principals=model.principals
        collection="siteAccess.organizations"
      }}
    {{/accordion-list-item}}
  {{/if}}
{{/accordion-list}}